Details
-
Bug
-
Resolution: Unresolved
-
Major - P3
-
None
-
None
-
None
-
Server Security
-
ALL
-
Security 2021-11-15, Security 2021-11-29
Description
When a Master key is rotated by the MongoDB Enterprise using the command
mongod --enableEncryption --kmipRotateMasterKey \
|
--kmipServerName <KMIP Server HostName> \
|
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem
|
the KMIP Client in it does not deactivate the master key which it was using prior to the rotation and the old key is left as a stale entry in the server.
Also, please confirm if it has to be removed ideally or whether its retained for any specific reason.
Added content from SERVER-53055:
only two KMIP operations listed below are performed by the KMIP Client in MongoDB Enterprise.
- Create
- Get